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METHOD FOR HANDLING GLOBAL CHALLENGE 
AUTHENTICATION REGISTRATION, MOBILE SWITCHING CENTER 
AND MOBILE STATION THEREFOR 

BACKGROUND OF THE INVENTION 

Technical Field of the Invention 

This invention relates to cellular telecommunications networks, 
and more particularly to a method for handling global challenge 
authentication registration, and to a Mobile Switching Center (MSC) 
and a mobile station performing such global challenge authentication 
registration handling. 
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Description of Related Art 

Ever since their introduction on the market, mobile stations have 
changed the way people communicate. Now, it is possible to reach a 
person almost anywhere, using only one number. The number is no 
longer linked to a location, but is rather linked to a mobile station that 
communicates through a radio interface with a cellular network. So 
wherever the mobile station is located, i.e. within the cellular network 
coverage, it can originate or receive a call by means of the radio 
interface. For originating a call through the cellular network, the 
mobile station has to identify itself by providing its Mobile 
Identification Number (MM) and Electronic Serial Number (ESN). 
The MIN/ESN allows the cellular network to recognize which mobile 
station is calling, so to charge fees incurred for the call appropriately. 

A problem that has emerged with the ever-increasing popularity 
of mobile stations is the cloning. The cloning is performed by 
'listening" to the radio interface to find a MIN/ESN, and programming 
a second mobile station with the same MIN/ESN. By doing so, the fees 
incurred for calls originated by the second mobile station are charged 
to the first mobile station. This method of fraud has caused important 
financial damages to cellular network providers and to owners of 
mobile stations. 

To solve that problem, the security of cellular networks has been 
improved with authentication procedures to which the mobile stations 
must participate. One of the various authentication procedures that has 
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been developed for D-AMPS (Digital-Advanced Mobile Phone 
Service) is called Global Challenge. This authentication procedure 
relies on using an algorithm called CAVE, and in an exchange of 
parameters between the mobile station and an authentication center. 
The authentication center stores a set of data for each mobile station 
including their MEN and ESN, along with an A-key and a Shared 
Secret Data (SSD) also called authentication data. The set of data is 
used as input parameters to the CAVE algorithm, along with a random 
number broadcast by the MSG servicing the mobile station, to verify 
authenticity of the mobile station. 

More precisely, the Global Challenge procedure is performed on 
digital or analog control channel at system access, and involves 
validation of the authentication data received from the mobile station. 
System access is performed when the mobile station initiates or 
receives a call, or when the mobile station makes a periodic 
registration, typically every 10 minutes when the mobile station is 
powered on and idle, to inform the cellular network of its location. 

However, when the mobile station is powered on, idle, and static 
for long periods of time, the periodic registration is continued with its 
repetitive global challenge performance, thus causing important 
processor load to the MSG. Furthermore, by repetitively performing 
global challenge at periodic registration while being static and idle, the 
risks of cloning the mobile station are increased due to the 
foreseeability of the periodic registration and the lack of movement and 
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activity of the mobile station. 

In order to overcome the disadvantage of existing solutions, it 
would be advantageous to have a method, which would allow better 
handling of the global challenge authentication performed in 
conjunction with the periodic registration. It would also be 
advantageous to provide a MSG and a mobile station that would 
support such better handling of the global challenge authentication at 
periodic registration. 

SUMMARY OF THE INVENTION 

The present invention provides a method for handling more 
efficiently global challenge authentication performed in conjunction 
with periodic registrations to reduce system load at a Mobile Switching 
Center (MSG). The present invention also provides a MSG that 
handles global challenge authentication at periodic registration so as to 
limit the load incurred on its processors without jeopardizing the 
existing added security provided by the authentication. Also provided 
herein is a mobile station (MS) that performs additional verification 
before repetitively and continuously performing global challenge 
authentication at periodic registration. 

In one aspect, the present invention is a method for handhng 
global challenge authentication registration in a cellular 
telecommunications network. In this method, a registration message 
is received at the MSG from a mobile station. The MSG determines 
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whether it has capabilities for bypassing global challenge 
authentication. If the MSG has capabilities for bypassing global 
challenge authentication, the MSG verifies whether a Visitor Location 
Register (VLR) thereto related has a record for the mobile station from 
which the registration message has been received. If the VLR has a 
record for the mobile station from which the registration has been 
received, the global challenge authentication is bypassed for that 
mobile station. However, if the VLR does not have a record for the 
mobile station, the global challenge authentication is performed as 
usual. In instances where the MSG does not have capabilities for 
bypassing global challenge authentication, the global challenge 
authentication is performed for the mobile station. 

In another aspect, the present invention is a Mobile Switching 
Genter (MSG) for handling global challenge authentication registration. 
The MSG has an input port for receiving a registration message from 
a mobile station, and global challenge authentication logic. The 
global challenge authentication logic determines whether global 
challenge authentication is required for the mobile station from which 
the registration message has been received. 

In yet another aspect, the present invention is a mobile station 
for handling global challenge authentication registration. The mobile 
station has an input/output module for receiving a broadcast message 
and for transmitting a periodic registration message. The mobile 
station also has a global challenge authentication calculation module 
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for computing an authentication signature. Also incorporated in the 
mobile station is a discrimination module for determining whether the 
authentication signature is required for the periodic registration 
message, so that the authentication signature is computed and included 
in the periodic registration message when the discrimination module 
determines that it is required. However, if the discrimination module 
determines that the authentication signature is not required, than it is 
not computed and it is not included in the periodic registration. 




BRIEF DESCRIPTION OF THE DRAWINGS 

The invention will be better understood and its numerous objects 
and advantages will become more apparent to those skilled in the art by 
reference to the following drawings, in conjunction with the 
accompanying specification, wherein like reference numerals denote 
like parts, and in which: 

FIGURE 1 is a functional block diagram of a method for 
handling global challenge authentication registration in accordance 
with the prior art; 

FIGURE 2 is a functional block diagram of a method for 
handling global challenge authentication registration in accordance 
with a preferred embodiment of the present invention; 

FIGURE 3 is a functional block diagram of a method for 
handling global challenge authentication registration in accordance 
with another preferred embodiment of the present invention; 
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FIGURE 4 is a functional block diagram of a method for 
handling global challenge authentication registration in accordance 
with another preferred embodiment of the present invention; 

FIGURE 5 is a functional block diagram of a step for 
determining wheflier to bypass global challenge in accordance with the 
teachings of the present invention; 

FIGURE 6 is a Mobile Switching Center (MSG) for performing 
global challenge authentication registration handling in accordance 
with the teachings of the present invention; and 

FIGURE 7 is a mobile station for performing global challenge 
authentication registration handling in accordance with the teachings of 
the present invention. 

DETAILED DESCRIPTION OF EMBODIMENTS 

The present invention relates to global challenge authentication 
performed in conjunction with periodic registrations, and to a method 
and to a system to improve such global challenge authentication. For 
doing so, the present invention provides an improved method for 
handling more efficiently the global challenge authentication 
performed at periodic registration, so as to reduce system load induced 
on a Mobile Switching Center (MSG). The present invention also 
provides a MSG that handles global challenge authentication at 
periodic registration more efficiently so as to limit the load incurred on 
its processors, without jeopardizing the existing added security 
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provided by the authentication. Also provided herein is a new mobile 
station (MS) that performs additional verifications before quite simply 
repetitively and continuously performing global challenge 
authentication at periodic registration. 

Reference is now made to FIGURE 1 wherein there is shown a 
functional block diagram of a method for handling global challenge 
authentication registration in accordance with the prior art. In such 
prior art methods, the MSG 10 broadcast a message 14 on its control 
channel indicating that global challenge authentication is required at 
each system access. System access includes the initiation or 
termination of a call, and the periodic registration performed by the 
mobile station 12, i.e. typically every 10 minutes when the mobile 
station is powered so as to inform the cellular network of its location. 
Before performing periodic registration, the mobile station 12 
determines whether global challenge is required upon periodic 
registration (step 16). The global challenge procedure consists of 
calculating at the mobile station an authentication signature based on 
its mobile station identification number and electronic serial number, 
and on a random number received from the MSG 10 and a shared secret 
data, using an algorithm called GAVE for AMPS and D-AMPS 
networks. If global challenge is required at system access, the mobile 
station calculates the authentication signature (also called Authr) (step 
18), and sends the authentication signature (step 20) to the MSG 10 
upon performing its registration. 
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The MSG 10 receives the authentication signature, and must 
verify its accuracy by performing authentication (step 22). For doing 
so, the MSG requests from a corresponding VLR 24, which can be co- 
located or not with the MSG 10, the shared secret data for that 
5 particular mobile station. The shared secret data is sent to the MSG 
(step 26), which then performs authentication. If the results of the 
authentication performed by the MSG are the same as the 
authentication signature received from the mobile station 12, the MSG 
informs the VLR (step 27) and updates the location of the mobile 
j; 10 station (step 28). The MSG also allows the mobile station 12 to 

'■i ! J 

continue its system access (step 30). 
W However, as can be appreciated by those skilled in the art, the 

Q continuous recurrence of the global challenge performance at periodic 

\ .-J 

registration causes an important processor load to the MSG. 
,2 15 Furthermore, by repetitively performing global challenge at periodic 
|3 registration while being static and idle, the risks of cloning the mobile 

It Station are increased due to the foreseeability of the periodic 

registration and the lack of movement and activity of the mobile 

station. 

20 Reference is now made to FIGURE 2, which shows a 

functional block diagram of a method for handling global challenge 
authentication registration in accordance with a preferred embodiment 
of the present invention. Li that method, as previously described, the 
MSG 10 broadcast a message 14 on its control channel indicating that 
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global challenge authentication is required at each system access. The 
mobile station 12 receives the message 14. Before performing periodic 
registration, the mobile station 12 determines whether global challenge 
is required upon periodic registration (step 16). If global challenge is 
required at system access, the mobile station calculates the 
authentication signature (also called Authr) (step 1 8), and includes the 
authentication signature in the registration message which is sent to the 
MSG 10 upon performing its registration (step 20), 

The MSG 10 receives the registration message that includes the 
authentication signature, and determines whether it has capabilities 
for bypassing global challenge authentication (step 31). If the MSG 
has capabilities for bypassing global challenge authentication, it then 
performs a verification with a related Visitor Location Register 
(VLR), shown as co-located for the sake of clarity but those skilled in 
the art will readily understand that the VLR could also be a 
standalone node. The MSG verifies whether the VLR has a record for 
the mobile station from which the registration message has been 
received. The MSG 10 may also further verify whether the mobile 
station from which the registration has been received has previously 
succeeded authentication. If the VLR has a record for the mobile 
station, then the global challenge authentication is bypassed for the 
mobile station, and the MSG updates the location information in step 
28 and the periodic registration is continued at step 30. However, if 
the VLR does not have a record for the mobile station, the global 
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challenge authentication is performed at step 22, in a manner known 
in the art. Alternatively, if it is determined at step 31 that the MSG 10 
does not have capabilities for bypassing global challenge 
authentication, the global challenge autiientication is performed at 
step 22. 

For performing the global challenge authentication at step 22, 
the MSG 10 requests from the VLR the shared secret data for that 
particular mobile station at step 24. If the results of the authentication 
performed by the MSG are the same as the authentication signature 
received from the mobile station 12, the MSG informs the VLR (step 
27) that the MSG has received a registration for the mobile station 
(step 28), thus resetting a timer therein. Then, the MSG allows the 
mobile station 12 to continue its periodic registration (step 30). 

Referring now to FIGURE 3, there is shown a functional block 
diagram of another preferred embodiment of the method for handling 
global challenge authentication of the present invention. In that 
embodiment, the MSG 10 broadcast the message 14 on its control 
channel indicating that global challenge authentication is required at 
system access, but with an indication to the effect that global challenge 
authentication is not required if the system access is a periodic 
registration. 

The mobile station 12 receives the message 14. Before 
performing periodic registration, the mobile station 12 determines 
whether the message 14 received from the MSG indicates whether 
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global challenge is required upon system access (step 16). If global 
challenge is required for system access, the mobile station 12 verifies 
(step 40) whether the message received included an indication that 
global challenge authentication is not required for periodic registration. 
If it is determined in step 40 that global challenge authentication is 
required for periodic registration, die method moves to step 18, where 
the mobile station 12 performs global challenge authentication 
calculation to obtain die authentication signature and includes the 
authentication signature in the registration message (step 20). In the 
altemative, if it has been determined in step 40 that global challenge 
authentication is not required for periodic registration, the registration 
message is sent (step 42) without including the authentication 
signature. 

As previously described for Figure 2, the MSG 10 receives the 
registration message, and determines whether it has capabilities for 
bypassing global challenge authentication (step 31). Reference is now 
additionally made to Figure 5, where there is shown a more detailed 
functional block diagram of step 31, for determining whether to bypass 
global challenge in accordance with the present invention. More 
particularly, to determine whether the MSG has capabilities for 
bypassing global challenge, verification is made to determine whether 
the bypass global challenge feature is active in step 60. If the bypass 
global challenge feature is not active, it is determined that the MSG 
does not have capabilities for bypassing global challenge at step 61. 
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Alternatively, if the bypass global challenge feature is active, a 
verification (step 62) is made to determine whether the indication 
(shown as NOPerGC) is sent on the control channel. For instances 
where the indication that global challenge autfientication is not 
5 required for periodic registration has been sent on the control channel, 
it is determined that the MSG has capabihties for bypassing global 
challenge at step 64. Altematively, when the indication that global 
challenge authentication is not required for periodic registration has not 
been send on the control channel, a verification (step 76) is made to 

10 determine whether statistical global challenge for periodic registrations 
are required. If statistical global challenge for periodic registrations are 
required, it is determined that the MSG does not have capabilities for 
bypassing global challenge for periodic registration at step 61, 
alternatively it is determined that the MSG has capabilities for 

15 bypassing global challenge for periodic registration at step 64. 

If it is determined in step 3 1 that the MSG has capabilities for 
bypassing global challenge authentication, it then verifies with the 
related VLR, as previously described, that the VLR has a record for 
the mobile station from which the registration message has been 

20 received. If the VLR has a record for the mobile station, then the 
global challenge authentication is bypassed for the mobile station, 
and the MSG updates the location information in step 28 and the 
periodic registration is continued at step 30. However, if the VLR 
does not have a record for the mobile station, the global challenge 
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authentication is performed at step 22, in a manner known in the art. 
Alternatively, if it is determined at step 31 that the MSG 10 does not 
have capabihties for bypassing global challenge authentication, the 
global challenge authentication is performed at step 22. 

For performing the global challenge authentication at step 22, 
the MSG 10 requests from the VLR the shared secret data for that 
particular mobile station at step 24. If the results of the authentication 
performed by the MSG are the same as the authentication signature 
received from the mobile station 12, the MSG informs the VLR (step 
27) that the MSG has received a registration for the mobile station 
(step 28), thus resetting a timer therein. Then, the MSG allows the 
mobile station 12 to continue its periodic registration (step 30). 

Referring now to FIGURE 4, there is shown a functional 
block diagram of a method for handling global challenge 
authentication registration in accordance with another preferred 
embodiment of the present invention. In this other preferred 
embodiment, as previously described with respect to FIGURES 2 and 
3, the MSG 10 broadcast the message 14 on its control channel 
indicating that global challenge authentication is required at system 
access. The mobile station 12 receives the message 14. Before 
performing periodic registration, the mobile station 12 determines 
whether the message 14 received from the MSG indicates whether 
global challenge is required upon system access (step 16). If global 
challenge is required for system access, the mobile station 12 verifies 
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(step 44) whether the control channel is the same as when the last 
global challenge authentication was performed. If the control channel 
is not the same, the method moves to step 18, where the mobile station 
12 performs global challenge authentication calculation to obtain the 
authentication signature and includes the authentication signature in 
the registration message (step 20). In the alternative, if it has been 
determined in step 44 that the control channel is the same, the 
registration message is sent (step 42) without including the 
authentication signature. The method then continues as described with 
respect to FIGURE 3. 



Switching Center (MSG) for performing global challenge 
authentication registration handling in accordance with the teachings 
of the present invention. The MSG 10 includes an input port 100 for 
receiving the registration message from the mobile station, as 
previously described with respect to FIGURES 2, 3 and 4. The MSG 
also includes global challenge authentication logic 104 for 
determining whether global challenge authentication is required for 
the mobile station from which the registration message has been 
received. The global challenge authentication logic 104 may consist 
for example of a process encoded in the MSG. The global challenge 
authentication logic further has capabilities for verifying that the 
Visitor Location Register (VLR) relating to the MSG has a record for 
the mobile station from which the registration message has been 



Turning now to FIGURE 6, there is shown a Mobile 
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received, and/or that the mobile station from which the registration has 
been received has previously succeeded authentication. 

The global challenge authentication logic consists of an 
activation module 106 for activating and deactivating the global 
challenge authentication logic. The global challenge authentication 
logic also has a periodic registration verification module 108 for 
tracking whether global challenge authentication is broadcast as 
required for periodic registration by a broadcasting module 102. The 
periodic registration verification module 108 has capabilities for 
initiating random global authentication when the global challenge 
authentication is broadcast as not required for periodic registration. 

The MSG 10 also has a broadcasting module 102 for 
broadcasting on a control channel that global challenge authentication 
is required upon access to a cellular telecommunications network to 
which the MSG belongs. The broadcasting module 102 also has 
capabilities for broadcasting on the control channel that global 
challenge authentication is required upon access to a cellular 
telecommunications network to which the MSG belongs, but that 
global challenge authentication is not required for periodic 
registration to the cellular telecommunications network. It will be 
understood by those skilled in the art that the MSG 10 does not 
broadcast directly on the control channel, but rather that the MSG 
sends the broadcast to a base station serving the mobile station. It is 
than the base station that broadcast on its appropriate control channel 
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that global challenge authentication is required upon access. 

Referring now to FIGURE 7, there is shown a mobile station 
12 for performing global challenge authentication registration 
handling in accordance with the teachings of the present invention. 
The mobile station 12 includes an input/output module 120 for 
receiving a broadcast on a control channel and for transmitting a 
periodic registration message. The input/output module may consist, 
without being limited thereto, of an antenna to which is connected a 
radio. 

The mobile station 12 also includes a global challenge 
authentication calculation module 122 to compute an authentication 
signature, based on the mobile station identification number, 
electronic serial number, a random number received from the MSG, 
using the CAVE algorithm as previously described. 

The mobile station 12 also includes a discrimination module 
124 for determining whether the authentication signature is required 
for the periodic registration message. The discrimination module 
includes a control channel tracker 128 for determining whether the 
control channel is the same as when a previous periodic registration 
message was sent by the input/output module 120. The 
discrimination module 124 also includes a broadcast evaluation 
module 126 for determining whether the broadcast message received 
by the input/output module 120 indicates whether an authentication 
signature is required for periodic registration message. Hence, the 
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authentication signature is computed and included in the periodic 
registration message if the discrimination module 124 determines that 
it is required, and the authentication signature is not computed if the 
discrimination module 124 determines that it is not required and the 
authentication signature is not included in the periodic registration 
message before it is sent by the input/output module 120. 

It is thus believed that the operation and construction of the 
present invention will be apparent from the foregoing description. 
While the method, MSG and mobile station shown and described have 
been characterized as being preferred, it will be readily apparent that 
various changes and modifications could be made therein without 
departing from the spirit and scope of the invention as defined in the 
following claims. 



